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Office Action Summary 

.- The MAILING DATE of this communication appears on the cover sheet with the correspondence address « 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )H Responsive to communication(s) filed on 17 January 2001 . 
2a)D This action is FINAL. 2b)H This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1, 453 O.G. 213. 

Disposition of Claims 

4) M Claim(s) 2,10-13.17-19,21,23.31. 33. 35-42 and 45 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) I3 Claim(s) 2.10-13.17-19.21.23.31.33.35-42 and 45 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) 13 The drawing(s) filed on 17 January 2001 is/are: a)l3 accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) S Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)S All b)D Some * c)D None of. 

1 Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



Priority 



1 . Receipt is acknowledged of papers submitted under 35 U.S.C. 1 19(a)-(d), which 
papers have been placed of record in the file. 



2. Claim 36 objected to because of the following informalities: there is a 
grammatical error at lines 8-10. Examiner suggests re-writing claim 36 lines 8-10 as 
follows "... the data processing system, after transmitting said operational 
communications parameters to the connectivity unit, triggering the wakeup means to 
send a Appropriate correction is required. 



3. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 2, 31, 38, 40, and 45 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Slaby et al (hereinafter Slaby), International Publication WO 
99/21336, in view of Frailong et al (hereinafter Frailong), US Patent 6,073,172. 

As per claim 45, Slaby discloses configuring a connectivity unit for 
communication with a service entity (see for example; router, page 9 In 21-26), 



Claim Objections 



Claim Rejections - 35 USC § 103 
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comprising: Prior to a user taking possession of the unit, pre-installing 
configuration communication parameters including an identity-sequence (see for 
example; page 9 In 3-16); 

Storing user-related information for access by a configuration service (see 
for example; page 3 In 15-20); 

Establishing a connection between the connectivity unit and the 
configuration service using the configuration communication parameters (see for 
example; page 8 In 23-page 9 In 3), using the identity-sequence to authenticate 
the unit to the configuration service (see for example; page 9 In 3-1 3), and 
transferring from the service to the unit operational communication parameters 
including a user-id associating with a user identity derived from said user related 
information (see for example page 12 In 10-13); and 

Subsequently using the operational communication parameters to 
establish communication between the connectivity unit and service entity (see for 
example; page 1 1 In 26-page 12 In 10) with the user-id certificate being used to 
authenticate the unit to the entity (see for example; page 12 In 10-14). The 
means of using a username/password for transmitting to the service provider is 
well known in the art to serve as a means to authenticate the unit (router) to the 
service entity. 

As for use of certificates linking a public key to an identity sequence and 
user-id, Slaby further discloses a means of security through encryption (see for 
example; page 1 1 In 1 1-20). Thereby, a means of using encryption (encoding) 
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keys must exist in the system of Slaby. However, Slaby is silent on such means. 
Fraiiong further discloses a means of configuring a connectivity unit through the 
use of certificates linking a public key of a public-key/private-key cryptographic 
key pair to an identity (see for example; col 18 In 50-65). One of ordinary skill in 
the art at the time of the applicant's invention would have recognized that such 
use of certificates for identifying an end-point is advantageous to be used in both 
the identity sequence of user-id in identifying the connectivity unit. Furthermore, 
the use of such certificates to identify a user, using their user-id to service 
providers is well known in the art. It would have been obvious to one of ordinary 
skill in the art at the time of the applicant's invention to combine the teachings of 
Fraiiong within the system of Slaby because it would have provided a means of 
increased security through the use of trusted certificates for authenticating 
users/units and further would have allowed for establishing secure 
communications between peers using well known standards such as Secure 
Socket Layer. 

As per claim 2, Slaby-Frailong discloses the claimed limitations above 
(see claim 45). Slaby further user passing said user-related information to the 
configuration service (see for example; page 9 In 3-8). Slaby is silent of the 
means of purchasing, however many means of purchasing service from a service 
provider are well known in the art, including the use of a call center. Fraiiong 
further discloses a call center for such purchasing means (see for example; col 
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12 In 36-49) and communicating to the call center in one of the following ways: 
directly by telephone; directly by an electronic messaging system; indirectly 
through a third party who contacts the call center by telephone; indirectly through 
a third party who contacts the call center by an electronic messaging system (see 
for example; col 12 In 45-59). A call center is inherent in such purchasing means 
of Frailong to handle such calls, furthermore any means of communication with 
the call center is well known in the art and just as efficient. 

As per claim 31 , Slaby discloses a configuration service system with a 
connectivity unit having configuration communications parameters pre-installed 
therein prior to a user taking possession of the unit (see for example; page 9 In 3- 
16), pre-installing configuration communication parameters including an identity- 
sequence (see for example; page 9 In 3-16); 

A data processing system including a store for holding user-related 
information (see for example; page 3 In 15-20); 

Interface means for interfacing the data processing system with the 
communications infrastructure whereby to enable communication between the 
data processing system and the connectivity unit of the new user (see for 
example; page 9 In 8-12); access to the data processing system through the 
interface means requiring knowledge of at least one said configuration 
communications parameter (see for example, page 9 In 3-10). Slaby further 
discloses the data processing system further including; 
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Authentication means comprising means for verifying the authenticity of a 
said identity-sequence passed by a said connectivity unit to the data processing 
system across the communications infrastructure (see for example; page 9 In 1-8 
and page 11 In 17-21); 

Means for accessing the user-related information held in said store on the 
basis of a said identity sequence received from a said connectivity unit in a said 
identity-sequence authenticated by the authentication means (see for example; 
page 9 In 10-15), this identity sequence serving to identify the connectivity unit to 
the data processing system (see for example; page 9 In 3-16); 

Means for deriving for the connectivity unit of said new user, operational 
communication parameters on the basis of said user-related information (see for 
example page 9 In 8-14), these operational parameters including a user 
associating a user identity derived from said user-related information (see for 
example; page 12 In 10-14); and 

Means for transmitting said operational communications parameters to the 
connectivity unit operational for use by the latter for communicating with said 
service entity (see for example; page 9 In 8-20 and page 12 In 10-14). 

As for use of certificates linking a public key to an identity sequence and 
user-id, Slaby further discloses a means of security through encryption (see for 
example; page 11 In 11-20). Thereby, a means of using encryption (encoding) 
keys must exist in the system of Slaby. However, Slaby is silent on such means. 
Frailong further discloses a means of configuring a connectivity unit through the 
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use of certificates linking a public key of a public-key/private-key cryptographic 
key pair to an identity (see for example; col 18 In 50-65). One of ordinary skill in 
the art at the time of the applicant's invention would have recognized that such 
use of certificates for identifying an end-point is advantageous to be used in both 
the identity sequence of user-id in identifying the connectivity unit. Furthermore, 
the use of such certificates to identify a user, using their user-id to service 
providers is well known in the art. It would have been obvious to one of ordinary 
skill in the art at the time of the applicant's invention to combine the teachings of 
Frailong within the system of Slaby because it would have provided a means of 
increased security through the use of trusted certificates for authenticating 
users/units and further would have allowed for establishing secure 
communications between peers using well known standards such as Secure 
Socket Layer. 

As for a call center to which user-related information about a new user of a 
connectivity unit can be passed for entry into the data processing system for 
storage in said store; the user-related information including the identity sequence 
of the connectivity unit, Slaby further user passing said user-related information 
to the configuration service and user related information being established at 
time of purchase (see for example; page 9 In 3-8). Slaby is silent of the means of 
purchasing, however many means of purchasing service from a service provider 
are well known in the art, including the use of a call center. Frailong further 
discloses a call center for such purchasing means (see for example; col 12 In 36- 
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49) and communicating to the call center in one of the following ways: directly by 
telephone; directly by an electronic messaging system; indirectly through a third 
party who contacts the call center by telephone; indirectly through a third party 
who contacts the call center by an electronic messaging system (see for 
example; col 12 In 45-59). A call center is inherent in such purchasing means of 
Frailong to handle such calls, furthermore any means of communication with the 
call center is well known in the art and just as efficient. Furthermore, in order for 
authentication of the identity-sequence such a sequence must be registered to 
the configuration service for such comparisons as user-related data since each 
identity sequence is unique to the user. 

As per claim 38, Slaby discloses a connectivity unit comprising: A store 
holding configuration communications parameters including an identity-sequence 
(see for example; page 9 In 3-16); 

Communication means for establishing communication across said 
communications infrastructure with a remote entity in accordance with 
communications parameters held in said store (see for example; page 9 In 3-8), 
the communications means including authentication means for authenticating the 
connectivity unit to the remote entity (see for example; page 1 1 In 1 1-24), 
authentication means comprising means for passing a user-identity sequence to 
the remote entity (see for example; page 1 1 In 1 1-24) and 
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Configuration initiation means for causing the communication means to 
establish communication across said communications infrastructure with a 
configuration service by using said configuration communications parameters 
held in said store (see for example; page 9 In 3-8); 

Download means for downloading operational communications 
parameters from the configuration service and storing them in said store (see for 
example; page 9 In 8-20 and page 1 1 In 20-26); and 

Operational control means for causing the communication means to 
establish communication across said communications infrastructure with said 
service entity by using said operational communications parameters held in said 
store (see for example; page 9 In 13-20 and page 12 In 1-14); said operational 
communications parameters including a user-identity linking the identity of a user 
associated with connectivity unit (see for example; page 12 In 10-15), the user- 
identity being used by the authentication means for authenticating the 
connectivity unit to the service entity upon the operational control means causing 
the communication means to establish communication with the service entity 
(see for example; page 12 In 10-14). The means of using a userna me/password 
for transmitting to the service provider is well known in the art to serve as a 
means to authenticate the unit (router) to the service entity. 

As for use of certificates linking a public key to an identity sequence and 
user-id, Slaby further discloses a means of security through encryption (see for 
example; page 1 1 In 1 1-20). Thereby, a means of using encryption (encoding) 
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keys must exist in the system of Slaby. However, Slaby is silent on such means. 
Frailong further discloses a means of configuring a connectivity unit through the 
use of certificates linking a public key of a public-key/private-key cryptographic 
key pair to an identity (see for example; col 18 In 50-65). One of ordinary skill in 
the art at the time of the applicant's invention would have recognized that such 
use of certificates for identifying an end-point is advantageous to be used in both 
the identity sequence of user-id in identifying the connectivity unit. Furthermore, 
the use of such certificates to identify a user, using their user-id to service 
providers is well known in the art. It would have been obvious to one of ordinary 
skill in the art at the time of the applicant's invention to combine the teachings of 
Frailong within the system of Slaby because it would have provided a means of 
increased security through the use of trusted certificates for authenticating 
users/units and further would have allowed for establishing secure 
communications between peers using well known standards such as Secure 
Socket Layer. Furthermore, Frailong discloses use of such certificates for 
authentication of entities (see for example; col 18 In 46-54). The use of such 
certificates for authentication through passing them from one entity to another on 
a computer network is well known in the art. 

As per claim 40, Slaby-Frailong discloses the claimed limitations above 
(see claim 38). Slaby further configuration initiation means responsive to the 
absence of valid operational communications parameters in said store upon the 




A 



" Application/Control Number: 09/764,194 Page 11 

Art Unit: 2135 

connectivity unit being powered up and connected to the communications 
infrastructure (see for example page 18 In 20-26), to automatically trigger the 
communication means to establish communications with the configuration 
service without requiring the input of data by a user (see for example; page 8 In 
26-page 9 In 3 and page 18 In 20-26). 



5. Claims 10, 33, and 39 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Slaby et al (hereinafter Slaby), International Publication WO 
99/21336, in view of Frailong et al (hereinafter Frailong), US Patent 6,073,172, and 
further in view of Carroll, US Patent 6,105,131 . 

As per claims 10 and 33, Slaby-Frailong discloses the claimed limitations 
above (see claims 45 and 31 ). As for a cryptographic-based challenge-response 
interchange conducted between the connectivity unit and configuration service. 
Frailong further discloses a means to confirm that the connectivity unit with the 
public key certificates (see for example; col 18 In 39-45). However, Slaby- 
Frailong does not explicitly teach a cryptographic-based challenge-response to 
confirm the connectivity unit is the possessor of the private key related to the 
public key passed in the identity-sequence certificate whereby to authenticate the 
unit as the one bearing the identity sequence included in the certificate. Carroll 
discloses a means of authorizing access to a service (see for example; abstract) 
and further discloses a means of authentication between two devices through a 
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cryptographic algorithm to confirm the valid possessor of the private key related 
to a public key (see for example; col 3 In 35-49). The use of such cryptographic- 
based challenge/response protocol is well known in the art for providing strong 
authentication of the correct holder of the private key of a certificate. It would 
have been obvious to one of ordinary skill in the art at the time of the applicant's 
invention to combine the teachings of Carroll within the Slaby-Frailong 
combination because it would have increased security by providing an added 
level of protection on the authenticity of the connectivity unit possessing the 
public key. 

As per claim 39, Slaby-Frailong discloses the claimed limitations above 
(see claim 38). As for generating and returning a response to a challenge issued 
by the remote entity, the generation of the response involving the use of said 
private key to effect a cryptographic operation on data included in the challenge. 
This means is well known in the art to be a cryptographic based 
challenge/response, which is encompassed in claim 10 above and is rejected for 
the same reasons. 

6. Claims 11-13, 17-19, 35, 41, and 42 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Slaby et al (hereinafter Slaby), International Publication WO 
99/21336, in view of Frailong et al (hereinafter Frailong), US Patent 6,073,172, and 
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further in view of Rigney et al (hereinafter Rigney), Remote Authentication Dial In User 
Service (RADIUS). 

As per claim 1 1 , Slaby-Frailong discloses the claimed limitations above 
(see claim 45). Siaby further discloses a data network to which the configuration 
service is connected (see for example; frame-relay network, page 8 In 9-26), and 
an access network to which the user has a subscriber connection (see for 
example; ISDN network, page 8 In 9-25). As for providing access to the data 
network through a data-network access point, access points are inherent to such 
networks in order to provide a connection to the network from a different network 
and are well known in the art in order to provide translation and forwarding of 
packets according to different network protocols. The process of establishing a 
connection between the connectivity unit and the configuration service involving 
the following sub-steps: 

The connectivity unit connects via the user's subscriber connection access 
the access network to the data-network access point using addressing 
information for the latter held as part of said configuration communication 
parameters (see for example; page 8 In 23-page 9 In 8). Such connection to an 
access point is well known in the art and is inherent to the means of performing a 
connection between two different networks using different network protocols. 

Slaby-Frailong does not explicitly teach the data-network access point 
authorizing access by the connectivity unit to the data network on the basis of a 
username and password. Rigney discloses a means of authentication wherein a 
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data-network access point authorizing access by the connectivity unit to the data 
network on the basis of a username and password (see for example page 3 
paragraphs 1-5) and the data-network access point (network access server) 
effecting this authorization by using the services of an authorization server 
associated with the configuration service (RADIUS server; see for example; page 
2 introduction-page 3 paragraph 5). As for the username and password being 
included in said configuration communications parameters and are passed to the 
access point by the connectivity unit, one of ordinary skill in the art would have 
recognized such including and passing means to be inherent in such a 
combination so as to provide the username and password to the network access 
server for authentication. It would have been obvious to one of ordinary skill in 
the art at the time of the applicant's invention to combine the teachings of Rigney 
within the Slaby-Frailong combination because it would have promoted security 
by providing means of authenticating the connectivity unit upon access to the 
configuration service through a widely used and well known authentication 
standard. Furthermore, the RADIUS standard is well known in the art to be a 
means of supporting the management of dispersed serial line and modem pools 
for large numbers of users, therefore creating the advantage of allowing a 
configuration service to provide authentication means to large number of users. 

As for upon access being authorized, the data-network access point 
assigns an address for the connectivity unit of the data network and passes this 
address to the authorization server which in turn passes it to a configuration 
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manager of the configuration service. Rigney further discloses connecting with 
client with the service upon authorization, see for example; section 2 pages 4-5). 
Furthermore, the assigning of an address for the connectivity unit of the data 
network is to be inherent to Slaby in order for communication to exist between 
the connectivity unit and other services between the two different networks. 
Frailong further discloses such address assigning for such communication 
between a connectivity unit and the data network (see for example col 21 In 4- 
11). 

As for the configuration manager prompted by the authorization server 
contacts the connectivity unit at the assigned address of the latter on the data 
network in order to download said operational communication parameters to the 
connectivity unit. Slaby discloses an alternative means of such downloading of 
said operational communication parameters to the connectivity unit wherein the 
connectivity unit connects to the configuration service (see for example; page 9 
In 3-8) in order to download said operational communication parameters to the 
connectivity unit (see for example; page 9 In 3-20). Slaby further discloses a 
means of downloading operational communication parameters to the connectivity 
unit wherein a configuration manager contacts the connectivity unit at the 
assigned address of the latter on the data network in order to download said 
operational communication parameters to the connectivity unit (see for example; 
page 12 In 16-page 13 In 14). As for the configuration manager being prompted 
by the authorization server, one of ordinary skill in the art at the time of the 
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applicant's invention would have recognized such a prompting means to be 
inherent in the Slaby-Frailong-Rigney combination for the means of restricting 
access before authorization. The means of a configuration manager prompting 
such download of parameters adds the advantage of reconfiguration or 
upgrading through the configuration service where the connectivity unit is not 
aware of such reconfiguration or upgrading and therefore would not connect to 
the configuration manager. 

As per claims 12 and 18, Slaby-Frailong-Rigney discloses the claimed 
limitations above (see claim 1 1 ). Slaby further discloses using the identity 
sequence as a means of verifying the connectivity unit (see for example; page 9 
in 1-8). The serial number is used to look up the user on the database, therefore, 
if an incorrect serial number is given, then the connectivity unit is not 
authenticated. Rigney further discloses the identity sequence of the connectivity 
unit is in the user name passed to the authorization server (see for example; 
page 5 paragraph 2) and is checked by the latter against a database of valid 
identity sequences (see for example; page 5 paragraph 2), access to the data 
network only being authorized if the identity sequence included in the user name 
is a valid one (see for example; page 5 paragraph 2). 

As per claims 13 and 19, Slaby-Frailong-Rigney discloses the claimed 
limitations above (see claim 1 1 ). Rigney further discloses the authorization 
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server being associated with a configuration domain (see for example; page 3 
paragraph 2-3, and SMTP address, page 18); the usemame passed by the 
connectivity unit to the data-network access point being of the form: identity 
sequence of connectivity unit @ configuration_domain (see for example; 
name@fqdn, page 18). As for the data-network access point recognizing the 
'configuration_domain' as indicating the authorization server to be used 
thereupon contacting the latter over the data network and passing it the identity 
sequence contained in the username it received from the connectivity unit. Such 
recognizing and contacting means are to be inherent to the teachings of Rigney. 
The identity of multiple servers across different domains (realms) with 
l configuration_domain' must be recognized by the data network access point 
which in managing where the packets are to be sent to in the data network. 
Without such recognizing, the data access network will not have any means of 
knowing which authorization server to send such an authentication request. 

As per claim 17, Slaby-Frailong discloses the claimed limitations above 
(see claim 45). Slaby further discloses a data network to which the configuration 
service is connected (see for example; frame-relay network, page 8 In 9-26), and 
an access network to which the user has a subscriber connection (see for 
example; ISDN network, page 8 In 9-25). As for providing access to the data 
network through a data-network access point, access points are inherent to such 
networks in order to provide a connection to the network from a different network 
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and are well known in the art in order to provide translation and forwarding of 
packets according to different network protocols. The process of establishing a 
connection between the connectivity unit and the configuration service involving 
the following sub-steps: 

The connectivity unit connects via the user's subscriber connection access 
the access network to the data-network access point using addressing 
information for the latter held as part of said configuration communication 
parameters (see for example; page 8 In 23-page 9 In 8). Such connection to an 
access point is well known in the art and is inherent to the means of performing a 
connection between two different networks using different network protocols. 

Slaby-Frailong does not explicitly teach the data-network access point 
authorizing access by the connectivity unit to the data network on the basis of a 
username and password. Rigney discloses a means of authentication wherein a 
data-network access point authorizing access by the connectivity unit to the data 
network on the basis of a username and password (see for example page 3 
paragraphs 1-5) and the data-network access point (network access server) 
effecting this authorization by using the services of an authorization server 
associated with the configuration service (RADIUS server; see for example; page 
2 introduction-page 3 paragraph 5). As for the username and password being 
included in said configuration communications parameters and are passed to the 
access point by the connectivity unit, one of ordinary skill in the art would have 
recognized such including and passing means to be inherent in such a 
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combination so as to provide the username and password to the network access 
server for authentication. It would have been obvious to one of ordinary skill in 
the art at the time of the applicant's invention to combine the teachings of Rigney 
within the Slaby-Frailong combination because it would have promoted security 
by providing means of authenticating the connectivity unit upon access to the 
configuration service through a widely used and well known authentication 
standard. Furthermore, the RADIUS standard is well known in the art to be a 
means of supporting the management of dispersed serial line and modem pools 
for large numbers of users, therefore creating the advantage of allowing a 
configuration service to provide authentication means to large number of users. 

As for upon access being authorized, the data-network access point 
assigns an address for the connectivity unit of the data network and passes this 
address to the authorization server which in turn passes it to a configuration 
manager of the configuration service. Rigney further discloses connecting with 
client with the service upon authorization, see for example; section 2 pages 4-5). 
Furthermore, the assigning of an address for the connectivity unit of the data 
network is to be inherent to Slaby in order for communication to exist between 
the connectivity unit and other services between the two different networks. 
Frailong further discloses such address assigning for such communication 
between a connectivity unit and the data network (see for example col 21 In 4- 
11). 
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As for the data-network access point assigning an address for the 
connectivity unit on the data network and passing this address to the connectivity 
unit. Slaby discloses an means of such downloading of said operational 
communication parameters to the connectivity unit wherein the connectivity unit 
connects to the configuration service (see for example; page 9 In 3-8) in order to 
download said operational communication parameters to the connectivity unit 
(see for example; page 9 In 3-20). Such communication between two different 
networks requires the connectivity unit to obtain a network address for the data 
network in order for connection to the configuration service on the data network. 
Therefore, the assigning of an address and passing means are to be inherent to 
Slaby in order for such downloading to exist. Frailong further discloses means of 
the connectivity unit obtaining the network address from a data network access 
point (see for example; col 21 In 4-1 1 ). As for the addressing and passing upon 
access being authorized, one of ordinary skill in the art at the time of the 
applicant's invention would have recognized such addressing and passing 
means to be inherent in the Slaby-Frailong-Rigney combination for the means of 
restricting access before authorization. Slaby further discloses the connectivity 
unit contacting the configuration manager over the data network at an address 
held by the connectivity unit as part of said configuration parameters (see for 
example; page 8 In 23-page 9 In 7; the address of the configuration manager 
must be present in order for such communication to the correct device on a 
network to exist), the configuration manager subsequently transmitting said 
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operational communication parameters to the connectivity unit (see for example; 
page 9 In 1 0-20 and pagel 1 In 1 1 -page 1 2 In 5). 



As per claim 35, Slaby-Frailong discloses the claimed limitations above 
(see claim 31 ). Slaby further discloses a data network to which the configuration 
service is connected (see for example; frame relay network, see for example 
page 8 In 15-21) and an access network to which the user has a subscriber 
connection (see for example; ISDN page 8 In 15-21 ). As for providing access to 
the data network through a data-network access point, access points are 
inherent to such networks in order to provide a connection to the network from a 
different network and are well known in the art in order to provide translation and 
forwarding of packets according to different network protocols. Slaby further 
discloses the configuration service system having its interface means connected 
to the data network (see for example; page 8 In 15-21). Slaby-Frailong does not 
explicitly teach the configuration service further comprising an authorization 
server for providing a logon authorization service to said data-network access 
point in respect of connectivity units requesting access to the configuration 
service system through that access point. Rigney discloses a means of 
authorizing devices (users) through an authorization server (RADIUS servers) for 
providing a logon authorization service to a data-network access point (network 
access server) in respect to users (connectivity units) requesting access to a 
service (configuration service system) through the access point (network access 
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server; see for example; section 2 pages 4-5). Both Rigney and the Slaby- 
Frailong combination disclose a means of authenticating users to a service entity 
would have been obvious to one of ordinary skill in the art at the time of the 
applicant's invention to combine the teachings of Rigney within the Slaby- 
Frailong combination because it would have promoted security by providing 
means of authenticating the connectivity unit upon access to the configuration 
service through a widely used and well known authentication standard. 
Furthermore, the RADIUS standard is well known in the art to be a means of 
supporting the management of dispersed serial line and modem pools for large 
numbers of users, therefore creating the advantage of allowing a configuration 
service to provide authentication means to large number of users. 



As per claim 41, Slaby-Frailong discloses the claimed limitations above 
(see claim 38). Slaby further discloses a data network (see for example; frame- 
relay network, page 8 In 9-26), and an access network to which the user has a 
subscriber connection (see for example; ISDN network, page 8 In 9-25). As for 
providing access to the data network through a data-network access point, 
access points are inherent to such networks in order to provide' a connection to 
the network from a different network and are well known in the art in order to 
provide translation and forwarding of packets according to different network 
protocols. As for said configuration communications parameters held in said 
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store further including the access network address of the data-network access 
point, Slaby discloses connecting to the data network through the use of 
configuration communication parameters (see for example; page 9 In 3-7). In 
order for such connection to be established, the access network address of the 
data-network access point must be disclosed so as to know where to send 
access requests. Therefore, such information being in said configuration 
communications parameters is inherent. 

As for providing access through a data-network access point being subject 
to a username/password authorization process, Slaby-Frailong does not explicitly 
teach such authorizing using a username/password. Rigney further discloses a 
username/password authorization process at a data-network access point 
(network access server), wherein a username and password for use in said 
authorization process (see for example; section 2 pages 4-5). As for the 
username including said identity sequence specific to the connectivity unit, Slaby 
discloses use of such an identity sequence specific to the connectivity unit (see 
for example; page 1 1 In 18-21 ). One of ordinary skill in the art at the time of the 
applicant's invention would have realized the authentication needing to be done 
based on the identity sequence (serial number) of the connectivity unit and 
therefore would have been able to include the identity sequence for use in such 
username/password authentication. 
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As per claim 42, Slaby-Frailong-Rigney discloses the claimed limitations 
above (see claim 41 ). Rigney further discloses the usemame is of the form: 
identity sequence of connectivity unit@ configuration_domain where the 
configuration_domain serves to indicate to the data-network access point 
authorization server to be used in the authorization process (see for example; 
name@fqdn, page 18). As for the data-network access point recognizing the 
'configuration_domain' as indicating the authorization server to be used 
thereupon contacting the latter over the data network and passing it the identity 
sequence contained in the username it received from the connectivity unit. Such 
recognizing and contacting means are to be inherent to the teachings of Rigney. 
The identity of multiple servers across different domains (realms) with 
'configuration_domain' must be recognized by the data network access point 
which in managing where the packets are to be sent to in the data network. 
Without such recognizing, the data access network will not have any means of 
knowing which authorization server to send such an authentication request. 

7. Claims 21 , 23, 36, and 37 are rejected under 35 U.S.C. 1 03(a) as being obvious 
over Slaby et al (hereinafter Slaby), International Publication WO 99/21336, in view of 
Frailong et al (hereinafter Fratlong), US Patent 6,073,172, and further in view of 
Zimmerman etal (hereinafter Zimmerman), US Patent 6,526,131. 

The applied reference has a common assignee with the instant application. 
Based upon the earlier effective U.S. filing date of the reference, it constitutes prior art 
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only under 35 U.S.C. 102(e). This rejection under 35 U.S.C. 103(a) might be overcome 
by: (1) a showing under 37 CFR 1 .132 that any invention disclosed but not claimed in 
the reference was derived from the inventor of this application and is thus not an 
invention "by another"; (2) a showing of a date of invention for the claimed subject 
matter of the application which corresponds to subject matter disclosed but not claimed 
in the reference, prior to the effective U.S. filing date of the reference under 37 CFR 
1 .131 ; or (3) an oath or declaration under 37 CFR 1 .130 stating that the application and 
reference are currently owned by the same party and that the inventor named in the 
application is the prior inventor under 35 U.S.C. 104, together with a terminal disclaimer 
in accordance with 37 CFR 1 .321 (c). For applications filed on or after November 29, 
1 999, this rejection might also be overcome by showing that the subject matter of the 
reference and the claimed invention were, at the time the invention was made, owned 
by the same person or subject to an obligation of assignment to the same person. See 
MPEP § 706.02(l)(1) and § 706.02(l)(2). 

As per claim 21, Slaby-Frailong discloses the claimed limitations above 
(see claim 45). Slaby further discloses the connectivity unit seeking to connect to 
the service entity using the said operational communications parameters to 
check that the connectivity unit has been correctly configured for communication 
with the service entity (see for example; 12 In 2-14). Slaby-Frailong is silent on 
the configuration service initiating the sending of a wake-up indication to the 
connectivity unit. Zimmerman further discloses sending wake-up indication (see 
for example; col 1 In 59-col 2 In 6) as being well known in the art. Such wake-up 
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indication means is used to overcome cost differential between outbound and 
inbound calls to the initiating part (see for example col 1 In 26-35). Furthermore, 
such wake-up means will allow for the connectivity unit to be disconnected during 
authorization process, thus relieving the telephone line for other uses until 
authorization process is completed. It would have been obvious to one of 
ordinary skill in the art at the time of the applicant's invention to combine the 
teachings of Zimmerman within the Slaby-Frailong combination because it would 
have provided a means of saving money during initialization and further freed up 
the connection line (telephone line) for other uses during authorization (see for 
example; col 1 In 18-35). 

As per claim 23 and 37, Slaby-Frailong discloses the claimed limitations 
above (see claims 21 and 36). Slaby further discloses a data network to which 
the configuration service is connected (see for example; frame relay network, see 
for example page 8 In 1 5-21 ) and an access network to which the user has a 
subscriber connection (see for example; ISDN page 8 In 15-21 ); and wherein an 
identifier of the subscriber connection on said access network is stored with said 
user-related information (see for example page 8 In 23-page 9 In 20). As for 
providing access to the data network through a data-network access point, 
access points are inherent to such networks in order to provide a connection to 
the network from a different network and are well known in the art in order to 
provide translation and forwarding of packets according to different network 
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protocols. Zimmerman further discloses said wake-up indication taking the form 
of a call placed to said subscriber (see for example; col 1 In 59-66). 



As per claim 36, Slaby-Frailong discloses the claimed limitations above 
(see claim 31 ). Slaby further discloses the connectivity unit seeking to connect to 
the service entity after transmitting said operational communication parameter 
(see for example; 12 In 2-14). 

Slaby-Frailong is silent on the configuration service initiating the sending 
of a wake-up indication to the connectivity unit. Zimmerman further discloses 
sending wake-up indication (see for example; col 1 In 59-col 2 In 6) as being well 
known in the art. Such wake-up indication means is used to overcome cost 
differential between outbound and inbound calls to the initiating part (see for 
example col 1 In 26-35). Furthermore, such wake-up means will allow for the 
connectivity unit to be disconnected during authorization process, thus relieving 
the telephone line for other uses until authorization process is completed. It 
would have been obvious to one of ordinary skill in the art at the time of the 
applicant's invention to combine the teachings of Zimmerman within the Slaby- 
Frailong combination because it would have provided a means of saving money 
during initialization and further freed up the connection line (telephone line) for 
other uses during authorization (see for example; col 1 In 18-35). line) for other 
uses during authorization (see for example; col 1 In 18-35). 
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As for triggering the wakeup means to send a said wakeup indication to 
the connectivity unit after the latter has terminated its communication with the 
data processing system. One of ordinary skill in the art at the time of the 
applicant's invention would have recognized such means through the 
combination of Slaby-Frailong and Zimmerman. Such wakeup means must be 
triggered to initiate such wakeup indication sending. Furthermore, if the 
connectivity unit hasn't terminated its communication with the data processing 
system, then such wakeup means is not possible since the connectivity unit is 
still in connection with another device. Therefore such triggering of wakeup 
means is to be inherent to the Slaby-Frailong-Zimmerman combination. 



Conclusion 

8. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

US Patent 5,434,91 1 , to Gray et al, discloses a wakeup signal for initiating 
communication. 

US Patent 5,633,932, to Davis et al, discloses a means of a cryptographic-based 
challenge/response for authenticating user's and their keys. 

US Patent 6,385,651, to Danes et al, discloses a means of user certificates for 
authenticating a user with public/private key pairs. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Allen S. Wu whose telephone number is 703-305-0708. 
The examiner can normally be reached on Monday-Friday 9am-5pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 703-305-4393. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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Patent Examiner 
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